Web Collaborative Platform Vulnerability in Iris by DFIR
CVE-2026-42329

4.7MEDIUM

Key Information:

Vendor

Dfir-iris

Status
Vendor
CVE Published:
4 June 2026

What is CVE-2026-42329?

Iris, a web collaborative platform designed for incident responders, has a flaw present in versions before 2.4.28. This vulnerability allows attackers to misuse the platform to redirect users to malicious websites they control. The issue has been addressed in version 2.4.28, which includes a fix to enhance the security and protect users from potential exploitation.

Affected Version(s)

iris-web < 2.4.28

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.